Patent application title: SYSTEM AND METHOD FOR CONTROLLING DISPLAY OF COPY-NEVER CONTENT

Abstract:

A method and system for controlling the use of unauthorized content, and
specifically for controlling the display of content that is marked as
"copy-never." A compliant signal source transmits a video signal along
with a secure timestamp to a compliant display device. The compliant
display device determines whether the video signal is authorized to be
displayed by determining the content management usage rights status in
the video signal and the delay between when the video signal was
transmitted and when it was received. In an embodiment of the invention,
copy-never content that exceeds a defined delay between transmission and
reception is prevented from being displayed.

Claims:

1.-36. (canceled)

37. A video display device, comprising:a detector adapted to detect a
secure timestamp for a video signal received by the video display
device;a comparator operatively connected to the detector, and adapted to
determine a transmission time lag being a difference between a time
indicated by the secure timestamp and a time the video signal is first
received by the display device; anda display driver operatively connected
to the detector and to the comparator, wherein the comparator and display
driver are configured to prevent normal display of the video signal by
the display device if the transmission time lag exceeds a defined maximum
lag period, and to display the video signal as a video image on the
display device if the transmission time lag does not exceed the maximum
lag period.

38. The video display device of claim 37, wherein the detector is further
adapted to determine whether a copy-never indicator is associated with
the video signal.

39. The video display device of claim 38, wherein the comparator and
display driver are further configured to prevent normal display of the
video signal only if the video signal comprises a copy-never indicator.

40. The video display device of claim 37, wherein the comparator and
display driver are further configured to prevent normal display of the
video signal if the detector does not detect that the video signal
comprises a secure timestamp.

41. The video display device of claim 37, wherein the detector is further
adapted to obtain a value of the secure timestamp from the video signal.

42. The video display device of claim 41, wherein the detector is further
adapted to obtain a value of the secure timestamp from a defined portion
of a vertical blanking interval of the video signal.

43. The video display device of claim 41, wherein the detector is further
adapted to obtain a value of the secure timestamp from a watermark
contained in the video signal.

44. The video display device of claim 37, wherein the comparator and
display driver are further configured to prevent normal display of the
video signal if the transmission time lag exceeds a number in the range
of about 1 to 1000 milliseconds.

45. The video display device of claim 37, wherein the comparator and
display driver are further configured to prevent normal display of the
video signal if the time lag exceeds a number in the range of about 1 to
100 minutes.

46. The video display device of claim 37, wherein the detector is further
adapted to decrypt a value for the secure timestamp using public and
private keys.

47. A video display device operative to:process a video signal to detect a
secure timestamp indicating a time when transmission of the video signal
is initiated from a signal source to the at least one display
device;compare the secure timestamp with a time at which the video signal
is first received by the display device;prevent display of the video
signal by the display device if a difference between the time the video
signal is first received by the display device and the time indicated by
the secure timestamp is greater than or equal to a defined maximum;
anddisplay a video image supplied by the video signal if the difference
is less than the defined maximum.

48. The video display device of claim 47, further configured to detect
whether a copy-never indicator is associated with the video signal.

49. The video display device of claim 48, further configured to prevent
display of the video signal if the copy-never indicator is detected and
the difference between the time the video signal was received and the
time indicated by the secure timestamp is less than or equal to a defined
maximum.

50. The video display device of claim 47, further configured to display
the video signal if the detector fails to detect a secure timestamp
associated with the video signal, regardless of the difference between
the time the video signal was received and the time indicated by the
secure timestamp.

51. The video display device of claim 47, further configured to determine
a value of the secure timestamp from a vertical blanking interval of the
video signal.

51. The video display device of claim 47, further configured to determine
a value of the secure timestamp from a watermark in the video signal.

52. The video display device of claim 47, further configured to prevent
display of the video signal if the time difference exceeds a number in
the range of about 1 to 1000 milliseconds.

53. The video display device of claim 47, further configured to prevent
display of the video signal if the time difference exceeds a number in
the range of about 1 to 100 minutes.

54. The video display device of claim 47, further configured to decrypt a
value for the secure timestamp using public and private keys.

[0003]The present invention relates generally to a method and system for
controlling the use of unauthorized content, and specifically for
controlling the display of content that is marked as "copy-never."

[0004]2. Description of Related Art

[0005]Various techniques for copy protection of digital information such
as music and movies in digital form are known in the art. For example,
according to some prior art schemes for copy protection, digital content
is marked or flagged to indicate whether and the extent to which the
content may be copied. Such flags or marks may include "copy freely"
"copy once," and "copy never." As used herein, copy never (or
"copy-never") indicates that further copying of the content is forbidden.
Accordingly, when a compliant recording device--one that is looking for
content usage right management information--detects the copy-never mark,
the compliant recording device will not copy the content. Well-known
techniques for marking the content with content usage rights include
using the Analog Protection System (APS), Copy Generation Management
System for Analog (CGMS-A), Copy Generation Management System for Digital
(CGMS-D), and watermarking.

[0006]However, such copy protection schemes are subject to certain
weaknesses. For example, while compliant recording devices may be
prevented from making a copy of copy-never content, there is nothing to
prevent an output stream from a media playing device, such as a DVD
player, D-VHS player, HD DVD player, computer, or from a broadcast
system, from being copied by a non-compliant recording device--one that
is not looking for content usage rights management information (such as
copy never) and can therefore still copy the content despite the
existence of a copy-never mark. Accordingly, illegal copies of copy-never
content may be created, which can then be processed or displayed (but not
copied) on compliant devices.

[0007]It is desirable, therefore, to provide a method and system for
controlling the use of illegally copied content by compliant display
devices, that overcomes the limitations of the prior art.

SUMMARY OF THE INVENTION

[0008]The present invention provides a method and system for controlling
the use of content that more effectively prevents the use of illegally
copied content. In an embodiment of the invention, a display device is
prevented from displaying content marked as copy-never, unless the
content is received within a specified amount of time from that indicated
by a time-of-play indicator. The time-of-play and copy-never indicators
may be securely embedded in the content using any suitable method known
in the art, for example, encryption or watermarking.

[0009]In an embodiment of the invention, a display device comprises a
television, computer monitor, personal data assistant (PDA), or similar
device of any suitable construction that further comprises, without
limitation, a cathode-ray tube, an LCD, or a gas plasma display.
According to the prior art, such display devices are not configured to
participate in copy protection schemes, unlike media players or
recorders. Instead, display devices are typically used merely to receive
a video signal and process it in a determinate fashion. In an embodiment
of the invention, however, a display device additionally includes systems
for reading time-of-play and copy-never indicators, determining a current
time, and handling the video signal according to the status of those
indicators. For example, if the time between when content is transmitted
and when it is received exceeds a defined maximum amount of time, the
display device may be configured to prevent or interfere with display of
the received content. Similarly, the display device may be configured to
prevent or interfere with display of the received content if the
receiving apparatus does not receive an indication of when the content
was transmitted when it otherwise knows that such mark should be present,
evidence of tampering.

[0010]In addition, the display device may be provided with systems for
determining a current time that is synchronized with the signal source
(e.g., a media player, broadcaster, or other source of the video signal)
that embeds the time-of-play indicator in the video signal. In an
embodiment of the invention, the display device is able to synchronize
with the signal source by periodically communicating with the signal
source using a separate communication line, such as a telephone line. In
the alternative, or in addition, synchronization may be accomplished in
any other suitable fashion, such as by communicating over the same
connection used for the video signal, or both having devices (the display
device and the signal source) obtain a current time from a third-party
timekeeper. Various third-party sources of reliable time are known in the
art.

[0011]Thus, the present invention provides a system and method for
preventing the display of unauthorized copies of recorded content on
compliant display systems. Operation of the method may further be
illustrated by the following example. As an initial step, a media player
or other source of a video signal may determine whether particular
content is marked as copy-never. If the content is marked copy-never,
before the media player communicates the content to an external device,
such as a display or storage device, the media player may insert a secure
indicator, such as a watermark, into the video signal. The secure
indicator may indicate that the video signal is copy-never content, or
originated from copy-never content.

[0012]In addition, the secure indicator may include a mark or timestamp
indicating the current time and date, which may be obtained from an
internal or external clock, or in the alternative, the current time and
date may be inserted in a second secure indicator embedded in the video
signal. Time and date may be recorded in any suitable time format.

[0013]Upon receiving the video signal, the display device may determine
whether the video signal contains a copy-never indicator. If a copy-never
indicator is detected, the display may also determine whether the video
signal contains a time-of-play indicator. If detected, the display device
compares the time-of-play indicator with the time obtained from an
independent source, such as an internal or external clock, and determines
a time lag. If the time lag exceeds a defined maximum, the display device
prevents normal display of the content, or completely prevents display of
the video signal.

[0014]Thus, for example, if the video signal originated from a compliant
media player directly connected to a compliant display device and playing
an authorized copy of media content, the content would display normally
because it would contain the required secure indicators, and the time lag
measured by the display device would not exceed the defined maximum. If,
on the other hand, the otherwise compliant video signal was copied and
later transmitted to the compliant display device, this would introduce a
time lag that would likely exceed the maximum permissible, lag,
preventing normal display of the video signal.

[0015]Likewise, if the otherwise compliant video signal was transmitted to
a remote display device not authorized for use of the content, depending
on the remoteness of the receiving device this would also introduce a
time lag measurably greater than would be expected for transmission to a
nearby display device. As for video signals from non-compliant sources,
these can be identified as such and prevented from normal play by
compliant display devices.

[0016]The maximum permissible time lag may vary depending on the network
over which the video signal is permitted to be transmitted. In the case
of protection against unauthorized copying, the granularity of the secure
time could be on the order of minutes or even tens of minutes. In the
case of protection against unauthorized remote viewing, the granularity
of the secure time could be on the order of milliseconds or less to
distinguish between transmission latencies for direct analog connections
or local area network digital connections and wide area network digital
connections. For example, if redistribution is only permitted over a
direct connection, the expected time lag may approach the cable length
divided by the speed of light. Other transmission networks, for example
the Internet, should introduce easily detectable delays in comparison to
a relatively short direct connection, such as cables muted within a
single home or apartment. For further example, there should also be a
statistically significant difference in transmission time between
distribution over a local area network, and distribution to a distance
device over a wide area network. Such differences may be characterized by
one of ordinary skill, and used as a basis for determining a maximum
acceptable time lag.

[0017]In addition, the length of a maximum acceptable delay may depend on
the business model used for distribution of the content in question. For
example, a time lag on the order of about 1-1000 ms, such as about 7 ms,
may be useful to restrict distribution to near-instantaneous viewing
within a close physical proximity. On the other hand, longer delays may
prove useful for content distributed under business models that allow for
reasonable pausing of content. For such content, maximum acceptable
delays on the order of one or several hours, or 1 to 100 minutes, such as
about 90 minutes, may be useful. The invention is not limited to any
particular definition of maximum delay.

[0018]A more complete understanding of the system and method for
preventing the display of unauthorized content on compliant display
systems will be afforded to those skilled in the art, as well as a
realization of additional advantages and objects thereof, by a
consideration of the following detailed description of the preferred
embodiment. Reference will be made to the appended sheets of drawings
which will first be described briefly.

BRIEF DESCRIPTION OF THE DRAWINGS

[0019]FIG. 1 is a diagram showing an exemplary system for controlling the
display of content according to the invention.

[0020]FIG. 2 is a flow diagram showing exemplary steps of a method for
controlling the display of content.

[0021]FIG. 3 is a flow diagram showing exemplary steps of an alternative
method for controlling the display of copy-never content.

[0022]FIG. 4 shows an exemplary rogue device for circumventing a
copy-protection system according to the invention.

[0023]FIG. 5 shows exemplary steps of a method for circumventing a system
for preventing normal display of an unauthorized video signal.

[0024]FIG. 6 shows exemplary steps of a method for circumventing a system
for preventing normal display of an unauthorized video signal.

DETAILED DESCRIPTION OF THE PREFERRED EMBODIMENT

[0025]The present invention provides a method and system that satisfies
the need for a more secure method and system for controlling the use of
illegally copied content, by preventing the normal display of a received
video signal that is not authorized. In the detailed description that
follows, like element numerals are used to indicate like elements
appearing in one or more of the figures.

[0026]FIG. 1 shows a system 100 for preventing normal display of a
received video signal that is not authorized for use at a display device.
System 100 comprises signal sources 102 and 104 provided on a network 106
such as the Internet, and a compliant display device 108 operatively
coupled to the network 106. Digital content such as a video or audio
signal intended for a media driver may be vulnerable to being intercepted
and stored on a storage device 107 as it passes through the unknown
network. Thus, the signal may emerge from the network 106 and arrive at
multiple display devices at different times. Without some method of
determining whether the video or audio signal has been duplicated or sent
off to a prohibited remote location, even a copyright
management-compliant source device may be caused to operate in an
unauthorized fashion.

[0027]Signal sources 102 and 104 are intended to be illustrative, and not
limiting, as to the specific types of devices employed. Display device
108 may be operatively connected to signal source 102 or 104 through the
network 106, utilizing any suitable hardware or software system equipment
as known in the art.

[0028]Signal source 102 processes copy-never content that is prerecorded
on media 110, such as a DVD, to generate a video signal. Signal source
102 comprises a secure time source 112 and an encoder 114 such as a
watermark inserter for embedding a secure timestamp in the video signal.
Other suitably robust systems known in the art, such as the use of VEIL
marks, may be used to reliably embed the secure timestamp or other
information in the video signal.

[0029]Similarly, signal source 104 broadcasts a video signal generated
from a live video source 116. Signal source 104 comprises a secure time
source 118 and an encoder 120 such as a watermark inserter for marking or
embedding a secure timestamp in the video signal. Encoder 120 may also be
configured to embed a copy-never indicator into the video signal.
Preferably, the video signal is marked in real-time, or near real-time,
as to prevent introducing noticeable delay into the transmission of the
video signal. Any suitable hardware or software system may be used to
embed the information in the video signal, in real-time or otherwise, as
is known in the art. In the alternative, signal source 104 may broadcast
a prerecorded video signal already marked as copy never, thereby
alleviating the need for encoder 120 to embed a copy-never indicator Into
the video signal. In such case, only the timestamp need be inserted at
the time of broadcast.

[0031]Comparator 124 is also operatively connected to a secure time source
126 and to display driver 128. Comparator 124 compares the secure
timestamp with the time indicated by the secure time source 126. If the
difference between the time indicated by the secure time source 126 and
the secure timestamp is greater than a defined delay, or if detector 122
does not detect a secure timestamp in the first place when it otherwise
knows that one should exist, comparator 124 sends a signal to display
driver 128 to disable or modify the display of the content. For example,
the display may scramble the content or blank the screen. Optionally, the
display driver may display a message on the screen indicating a problem
with authorization has been detected. Other configurations to ultimately
prevent the normal display of a received video signal besides disabling
the display driver may also be suitable, and one of ordinary skill may
readily implement such configurations using any known circuitry or
programming language.

[0032]If the difference between the time indicated by the secure time
source 126 and the secure timestamp is less than or equal to a defined
delay, comparator 124 may send a signal to display driver 128 to enable
display driver 128. In the alternative, the comparator 124 may not send a
signal to display driver 128 if the state (enabled or disabled) of
display driver 128 does not need to change. For example, if display
driver 128 is enabled, the absence of a signal from the comparator 124
may result in normal processing of the video signal by driver 128.

[0033]FIG. 2 shows exemplary steps of a method 200 for preventing the
normal display of an unauthorized video signal in conjunction with
elements of system 100. Other or different steps may also be suitable,
and one of ordinary skill may readily implement such steps using any
suitable programming languages and methods. Being configured to accept
signals from compliant signal sources, at step 202, display device 108
receives a video signal. At step 204, display device 108 determines
whether a secure timestamp is associated with the video signal. Data such
as a secure timestamp may be associated with or embedded in a video
signal as is known in the art. For example, a timestamp may be placed in
a vertical blanking interval, or in a video watermark. For further
security, the timestamp may be encrypted using a known method, and
decrypted by the receiving device.

[0034]If a secure timestamp is not detected ("N" at step 204), then normal
display of the video signal may be prevented at step 208 If the system
otherwise, using known methods including a priori knowledge or context,
determines that such a mark should have been embedded in the video
signal. If a secure timestamp is detected ("Y" at step 204), the lag
between the video signal being transmitted by video source 102, for
example, and display device 108 is calculated at step 208. If the lag is
less than or equal to a defined maximum ("Y" at step 206), then normal
display of the video signal may be allowed at step 210. If the lag is
greater than a defined maximum ("N" at step 206), then normal display of
the video signals may be prevented at step 208.

[0035]FIG. 3 shows exemplary steps of a method 300 for preventing the
normal display of unauthorized copy-never content in conjunction with
elements of system 100. Method 300 makes use of a timestamp in a manner
similar to method 200, and In addition, checks for a copy-never indicator
which is used to trigger authorization conditions partially different
from method 200. At step 302, display device 108 receives a video signal.
At step 304, display device 108 determines whether the video signal has
associated content usage right management information. If no content
usage rights management information is detected ("N" at step 304), then
normal display of the video signal may be prevented at step 312, If the
system otherwise determines ("Y" at step 305), using known methods
including a priori knowledge or context, that such a mark should have
been embedded in the video signal. If content usage rights management is
not detected ("Y" at step 304), display device 108 may determine whether
copies of the video signal are allowed at step 306. If copies are allowed
("Y" at step 306), then normal display of the video signal may be allowed
at step 314. If copies are not allowed ("N" at step 306), then display
device 108 determines whether a secure timestamp is associated with the
video signal at step 308.

[0036]If a secure timestamp is not detected ("N" at step 308), then normal
display of the video signal may be prevented at step 312, again subject
to a determination ("Y" at step 305) that a timestamp should have been
embedded in the video signal. If a secure timestamp is detected ("Y" at
step 308), the lag between the video signal being transmitted by video
source 102, for example, and display device 108 may be calculated at step
310. If the lag is less than or equal to a defined maximum ("Y" at step
310), then normal display of the video signal may be allowed at step 314.
If the lag is greater than a defined maximum ("N" at step 310), then
normal display of the video signals may be prevented at step 312.

[0037]Although the above embodiments have been described in terms of video
signals and display devices, this invention may also be applicable to
other types of signals, such as audio signals, which may be received by
non-display devices, such as MPS players or similar devices. As such,
this invention may be used as a controlling function for any time of
communication or transaction that is confined in time. In addition, to
the embodiments of the system and method of the invention described
above, the invention can be applied not only to display devices, but to
any other systems for controlling the function of any type of
communication or transaction that is confined in time.

[0038]Unfortunately, any content protection scheme may be circumvented by
a determined infringer. Systems and methods for circumventing the present
invention may include, for example, inserting a rogue copying device
upstream of a compliant display device. The rogue device may be
configured to masquerade as a compliant receiving device, a compliant
source device, or both. That is, on the one hand, to a compliant
receiving device, for example, a compliant display, the rogue device may
appear to be a compliant source. On the other hand, to a compliant source
device, for example a DVD player, the rogue device may appear to be a
compliant receiving device. A rogue device that mimics both compliant
source and compliant display behavior may be designed based on an
analysis of compliant devices. And even if operational characteristics of
the compliant devices have been effectively prevented from being
discovered by inspection and analysis, information for overcoming a
device's security features may be misappropriated. It should be apparent,
therefore, that creation of a rogue device should be considered a
possibility, even when stringent security measures have been used to
prevent it.

[0039]Of course, the disclosure herein is not meant to condone or
encourage illegal circumvention of copy-protection systems. To the
contrary, it is hoped that the disclosure may serve to alert users of the
copy-protection methods disclosed herein of potential circumvention
techniques, and thus encourage more careful and secure implementation of
the invention, as well as the development of further safeguards against
circumvention.

[0040]FIG. 4 shows a rogue circumvention device 402 disposed in a system
400 of compliant devices designed to prevent the display of unauthorized
video signals. FIG. 4 is similar to FIG. 1, in that compliant receiving
device 404 of FIG. 4 parallels compliant display device 108 of FIG. 1,
compliant source device 406 of FIG. 4 parallels signal source 102 or 104
of FIG. 1, and rogue device 402 of FIG. 4 parallels storage device 107 of
FIG. 1. Rogue device 402 comprises a watermarking device 408 and a
storage device 410. Storage device 410 is operatively connected to
compliant source device 406 through a network for example, for receiving
a video signal containing a watermark. Storage device 410 is also
operatively connected to watermark device 405. The use of watermark
device 408 is intended to be illustrative, and not limiting. Other known
devices may be employed as appropriate, depending on the copy-protection
scheme implemented in system 400. Thus, watermark device 408 would be
appropriate to identify the timestamp end/or the content usage rights
management information embedded as a watermark in the video signal.

[0041]Watermark device 408 may adjust the timestamp to the time, or
approximate time, that rogue device 402 transmits the video signal to the
operatively connected compliant receiving device 404. The purpose of the
modifying the timestamp is to remove the transmission delay that may be
caused by the rogue device's interception of the video signal, and
thereby allow for the normal display of the video signal by a compliant
display device. Alternatively, or in addition, watermark device 408 may
modify the content usage rights management information to change any
copy-never indicator to copy-once or copy-freely, for example. Such
modification of the content usage rights management may be effective in
the case that system 400 allows the normal display of a video signal that
is "copy-allowable" (or not copy-never) regardless of the timestamp
associated with the video signal.

[0042]Storing of the received content allows rogue device 402 to transmit
a "modified" video signal at an indeterminate time after receiving the
video signal from compliant source device 406. In other words, at a
subsequent time after storing the received video signal, rogue device 402
may output the video signal from storage device 410 to watermarking
device 408 to modify the embedded timestamp and/or content usage right
management information for transmission to any compliant receiving
device. Any suitable storage device may be used to store the received
content as is known in the art. For example, a hard drive, tape drive,
CD, DVD, or random-access or flash memory may be used.

[0043]To the extent that communication between compliant source and
receiving devices is effectively secured, it will not be possible for
would-be infringers to successfully interpose a rogue device between
them. Care should therefore be taken to secure these communications.
However, presuming that rogue device 402 has been successfully configured
and placed between compliant source device 406 and compliant receiving
device 404, it may be possible to circumvent the protection methods
disclosed herein, as follows.

[0044]FIG. 5 shows exemplary steps of a method 500 for circumventing a
system for preventing the normal display of unauthorized video signal in
conjunction with elements of system 400. Initially, rogue device 402
receives content from a compliant source device 406 at step 502, and
stores the content for later distribution to compliant or non-compliant
display devices at step 504. Depending on the configuration of the
timestamp (e.g., watermark or encrypted in the vertical blanking
interval), the rogue device 402 replaces the original timestamp with a
new timestamp bearing the time, or approximate time, of retransmission to
a receiving device at step 506. At step 508, rogue device 402 may then
transmit the modified content to compliant receiving device 404.
Therefore, even if the receiving device is compliant with the methods
disclosed herein, it may not be able to discern the true time lag from
the original compliant content source and thus display the content
normally.

[0045]Alternatively, it may not be necessary to replace the timestamp in
the case when the copying of the content is permitted. That is, a
compliant display device may allow the normal display of a video signal,
regardless of the transmission time, when copying of the content is
permitted. Therefore, in an alternative embodiment, rogue device 402 may
alter the content usage rights management information in the content. For
example, a rogue device might change a "copy-never" indicator to "copy
freely." FIG. 6 shows exemplary steps of a method 600 for circumventing a
system for preventing the normal display of unauthorized video signal in
conjunction with elements of system 400. Initially, rogue device 402
receives content from a compliant source device 408 at step 602, and
stores the content for later distribution to compliant or non-compliant
display devices at step 804. At step 806, rogue device 402 may replace a
"copy-never" indicator with a "copy-freely" indicator. The step at which
the content is stored may vary. For example, rogue device 402 may copy
the content after the content usage rights management information has
already been modified. At step 608, rogue device 402 may then transmit
the modified content to compliant receiving device 404. Therefore, even
if the receiving device is compliant with the methods disclosed herein,
it may determine that the received content is authorized from the
original compliant content source, and thus display the content normally.

[0046]Depending on how the methods disclosed herein are implemented, it
may be easier to alter a timestamp than to alter the content usage rights
management information. For example, a timestamp might consist of easily
identified bits in a vertical blanking interval, while content usage
rights management information may be placed in a watermark that is more
difficult to read or alter. The converse may also be true. Either way,
rogue device 402 may be configured to alter a minimal amount of
Information that is most readily accessed to circumvent the content
protection methods disclosed herein. Any of these various circumvention
methods, and systems for performing them, should also be considered
within the scope of the invention.

[0047]Having thus described a preferred embodiment of a system and method
for controlling use of copy-never content, it should be apparent to those
skilled in the art that certain advantages of the invention have been
achieved. It should also be appreciated that various modifications,
adaptations, and alternative embodiments thereof may be made within the
scope and spirit of the present invention. The Invention is further
defined by the following claims.